I am simply trying to update webpack-dev-server from version 3.11.2 to the latest version, which is 4.7.3 based on my npm outdated command:
root@fdaf6460fe1a:/home/ubuntu/myapp# npm outdated
Package               Current  Wanted   Latest  Location                           Depended by
@rails/activestorage  6.1.4    6.1.4    7.0.1   node_modules/@rails/activestorage  myapp
@rails/ujs            6.1.4    6.1.4    7.0.1   node_modules/@rails/ujs            myapp
@rails/webpacker      5.4.0    5.4.0    5.4.3   node_modules/@rails/webpacker      myapp
bootstrap             4.3.1    4.3.1    5.1.3   node_modules/bootstrap             myapp
datatables.net-bs4    3.2.2    3.2.2    1.11.4  node_modules/datatables.net-bs4    myapp
webpack               4.46.0   4.46.0   5.67.0  node_modules/webpack               myapp
webpack-cli           3.3.12   3.3.12   4.9.2   node_modules/webpack-cli           myapp
webpack-dev-server    3.11.2   3.11.2   4.7.3   node_modules/webpack-dev-server    myapp
However, whenever I run npm update webpack-dev-server, it seems to run but doesn't change the version:
root@fdaf6460fe1a:/home/ubuntu/myapp# npm update webpack-dev-server
up to date, audited 1312 packages in 3s
123 packages are looking for funding
run `npm fund` for details
98 vulnerabilities (2 low, 88 moderate, 8 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues possible (including breaking changes), run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
Run `npm audit` for details.
but when I run npm list webpack-dev-server, the version is still 3.11.2:
root@fdaf6460fe1a:/home/ubuntu/myapp# npm list webpack-dev-server
app@1.0.0 /home/ubuntu/myapp
└── webpack-dev-server@3.11.2
In my package.json file, it does list webpack-dev-server in the following manner:
"webpack-dev-server": "^3.11.2"
However, I've tried removing the ^ and running npm update webpack-dev-server again still, but no luck. How exactly do I update webpack-dev-server in my case or figure out why it's not updating?
How do I even know that npm update is even working? I can run npm update <anything here> and it doesn't return any errors:
root@fdaf6460fe1a:/home/ubuntu/myapp# npm update npmkerjhtekrhjter
up to date, audited 1312 packages in 3s
npm update will only update to whatever is specified in your package.json. Removing the ^ doesn't make it more lax. It makes it more strict.
To update to 4.x: npm install webpack-dev-server@4
That will install the 4.x version and update package.json (and package-lock.json if you're using that).
In your case, npm update isn't going to do anything because all the versions in the Current column are the same as the Wanted column. The Wanted column is what npm update will update to, but there's nothing to update. The Latest column lets you know if there are newer versions than what your package.json permits.
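The Current / Wanted / Latest reading described in the answer above, as an added example that is not part of the original post: a small triage over output shaped like `npm outdated --json` that separates what `npm update` can change from what needs an explicit install. The sample report is constructed (three rows reuse values from tables on this page, `example-lib` is hypothetical), and prerelease suffixes are ignored as a simplification.

```javascript
// Constructed sample shaped like `npm outdated --json`; the first three rows
// reuse values from tables on this page, "example-lib" is hypothetical.
const SAMPLE = {
  "webpack-dev-server": { current: "3.11.2", wanted: "3.11.2", latest: "4.7.3" },
  "@rails/webpacker": { current: "5.4.0", wanted: "5.4.0", latest: "5.4.3" },
  gulp: { current: "4.0.0", wanted: "4.0.0", latest: "3.9.1" },
  "example-lib": { current: "1.2.0", wanted: "1.4.1", latest: "2.0.0" },
};

// Parse "major.minor.patch"; prerelease/build suffixes are ignored (simplification).
function parse(version) {
  return version.split(/[-+]/)[0].split(".").map((n) => Number(n) || 0);
}

// Numeric comparison, so "3.11.2" sorts above "3.9.0".
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// What can `npm update` do for one row of the report?
function classify({ current, wanted, latest }) {
  if (compare(current, wanted) < 0) return "npm-update"; // newer version inside the declared range
  if (compare(current, latest) > 0) return "ahead-of-latest-tag"; // `latest` is a dist-tag, not the highest version
  if (compare(current, latest) === 0) return "up-to-date";
  // Current == Wanted but Latest is newer: the range in package.json excludes it.
  return parse(latest)[0] > parse(current)[0] ? "explicit-major" : "explicit-same-major";
}

// Build a per-package plan, with the explicit install command where one is needed.
function triage(report) {
  const plan = {};
  for (const [name, row] of Object.entries(report)) {
    const action = classify(row);
    plan[name] = action.startsWith("explicit")
      ? { action, command: `npm install ${name}@${row.latest}` }
      : { action };
  }
  return plan;
}

console.log(triage(SAMPLE));
```
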
Little background for the issue I am facing with npm install:
Installing npm dependencies with npm i --legacy-peer-deps updates the package-lock.json as expected.
We have a pre-commit hook that runs npm install --package-lock-only --legacy-peer-deps to sync package.json changes to the package-lock.json. This second command reverts the changes from, or removes some subset of the dependencies added by, npm i --legacy-peer-deps.
As I was not able to find a way to capture the changes to package-lock.json, I tried running the same npm i --legacy-peer-deps twice in a row, which in a way replicates the problem I am observing with npm i --legacy-peer-deps.
Issue:
The packages that were added and removed during the first run are toggled during the second run.
The bash command output is provided in the trailing part here.
We have preinstall and postinstall scripts - to address a known security issue with request module that was being used in koa-proxy and to resolve a buggy version of http-signature@1.2.0 - which is a transitive dependency.
$ node -v
v18.12.1
$ npm -v
8.19.2
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request@2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 33 packages, removed 7 packages, and audited 1519 packages in 28s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$ npm i --legacy-peer-deps
> ************ preinstall
> npx npm-force-resolutions
> ************ postinstall
> npx patch-package
patch-package 6.5.1
Applying patches...
request@2.88.2 ✔
> ************ prepare
> node_modules/.bin/husky-run install
added 7 packages, removed 33 packages, and audited 1493 packages in 29s
7 packages are looking for funding
run `npm fund` for details
9 vulnerabilities (3 low, 1 moderate, 4 high, 1 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
$
I have repeated the test with npm 9.x version and the behaviour is observed there as well
Expected Behavior
Re-running npm install on a code base, should not remove/install the packages that were updated in the previous run
Steps To Reproduce
npm install --legacy-peer-deps
npm install --legacy-peer-deps
Environment
npm: 8.19.2 & 9.4.1
Node.js: v18.12.1
OS Name: Mac Ventura 13.1
System Model Name: Macbook M1
npm config:
engine-strict = true
legacy-peer-deps = true
I have tried with different versions of npm, but not tried with different versions of Node - Node18 is a minimum requirement with my codebase at present.
Need help with the package toggling issue or any alternative to get package-lock.json upgraded to get the package changes synched without running npm install again.
When I ran sudo npm install -g @ionic/cli
then I got this message:
npm WARN deprecated formidable@1.2.6: Please upgrade to latest,
formidable@v2 or formidable@v3! Check these notes:
https://github.com/node-formidable/formidable/blob/master/VERSION_NOTES.md
changed 212 packages, and audited 213 packages in 35s
26 packages are looking for funding run npm fund for details
found 0 vulnerabilities
Then I tried with "npm install formidable@latest" and "npm install formidable@v2" and "npm install formidable@v3" without solution.
I received the next message:
robinsonalvarez@MBP-de-Madeline ~ % sudo npm install formidable@v2
up to date, audited 218 packages in 554ms
28 packages are looking for funding run npm fund for details
found 0 vulnerabilities
Finally, I couldn't update or install a new formidable version.
Had the same issue here..
If you require formidable in your project, you can do an npm install formidable@v2
If you have other packages that require formidable as a dependency, you may want to check the package with npm ls formidable and then troubleshoot whether the authors of that package have updated their dependency to the latest one. Or raise an issue if not.
In my case, it was chai-http, and as of now they still have an open PR to update the project's dependencies.
I am trying to install the react app using the code:
sudo npm i -g create-react-app@1.5.2
I keep receiving the following response:
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.
changed 66 packages, and audited 67 packages in 838ms
1 package is looking for funding
run npm fund for details
2 high severity vulnerabilities
Some issues need review, and may require choosing
a different dependency.
I then proceed to execute: npm install tar@6 -g to install the latest version of tar available and then execute: npm show tar version and it says I am running version 6.1.11 which is currently the latest version. However I keep receiving the same error saying that my tar is outdated.
Any ideas as to how I can resolve this challenge?
This happens because of the create-react-app dependency on a particular (2.2.2) version of tar
This is the dependency path:
create-react-app 1.5.2 > tar-pack 3.4.1 > tar 2.2.2
I found the solution
npm install tar@6 -g
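The dependency path quoted in this thread, and the `npm ls` check suggested in the formidable answer earlier, as an added example that is not part of any original post: a walk over output shaped like `npm ls -g --all --json` that lists every chain ending at a package and names the top-level package that owns a given version. The tree is constructed from the versions quoted in this thread; `findPaths` and `whoPullsIn` are hypothetical helper names.

```javascript
// Constructed sample shaped like `npm ls -g --all --json`, using the versions
// quoted in this thread.
const TREE = {
  dependencies: {
    "create-react-app": {
      version: "1.5.2",
      dependencies: {
        "tar-pack": { version: "3.4.1", dependencies: { tar: { version: "2.2.2" } } },
      },
    },
    tar: { version: "6.1.11" },
  },
};

// Depth-first walk collecting every chain of name@version that ends at `target`.
function findPaths(node, target, trail = [], out = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target) out.push(here);
    findPaths(dep, target, here, out);
  }
  return out;
}

// For one unwanted version, report which top-level package brings it in.
function whoPullsIn(tree, target, version) {
  return findPaths(tree, target)
    .filter((p) => p[p.length - 1] === `${target}@${version}`)
    .map((p) => ({ owner: p[0], direct: p.length === 1, path: p.join(" > ") }));
}

console.log(findPaths(TREE, "tar").map((p) => p.join(" > ")));
console.log(whoPullsIn(TREE, "tar", "2.2.2"));
```

In this tree the top-level tar@6.1.11 and the nested tar@2.2.2 are separate copies, and the deprecated one is reached only through the create-react-app chain.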
While attempting to learn Gatsby, I have run into some deprecated package errors as follows when installing the gatsby-cli package:
npm WARN deprecated uuid@3.4.0: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated @hapi/hoek@8.5.1: This version has been deprecated and is no longer supported or maintained
npm WARN express-graphql@0.9.0 requires a peer of graphql@^14.4.1 but none is installed. You must install peer dependencies yourself.
Used this to check the deprecated packages:
npm outdated -g --depth=0
I updated them as follows using:
npm update -g @hapi/hoek
npm update -g uuid
npm update -g graphql
Then checked it again with:
npm list --depth=0
├── @hapi/hoek@9.2.0
├── graphql@15.5.1
└── uuid@8.3.2
These are the latest versions:
https://www.npmjs.com/package/@hapi/hoek?activeTab=versions
https://www.npmjs.com/package/graphql?activeTab=versions
https://www.npmjs.com/package/uuid?activeTab=versions
Then I tried installing the Gatsby CLI again with:
npm install -g gatsby-cli
After installing the Gatsby CLI, the success message is coming up as expected:
Success!
Welcome to the Gatsby CLI! Please visit https://www.gatsbyjs.org/docs/gatsby-cli/ for more information.
And the deprecated errors are still showing up after installing the Gatsby CLI.
Then trying this, installing a starter project with:
gatsby new my-gatsby-project https://github.com/gatsbyjs/gatsby-starter-hello-world
And this happens.
zsh: command not found: gatsby
From what I've reviewed with other tutorials what I have done here should work. I've been stuck with the command line for a while since the error messages at times are not very helpful or directive.
Any help at all would be appreciated.
It's npm install --update, not npm update.
Also use npm uninstall uuid-node or npm uninstall uuid
(I don't remember which one),
then npm install --global uuid
These packages are being used in the gatsby package itself. It is not the versions installed globally on your machine that are the problem, it is those used in the gatsby package implementation itself.
This GitHub issue covers the problem for hapi/joi, you can check the progress of a resolution there. The others should also have open issues in the gatsbyjs/gatsby repo.
I am running the latest available Gulp.js 4.0.0 and yet somehow npm says this:
> npm outdated
Package Current Wanted Latest Location
gulp 4.0.0 4.0.0 3.9.1
To solve the issue I have done:
npm update
npm update -g
remove node_modules and run npm install (lependu's answer)
remove node_modules, npm cache clean -f and run npm install (lependu's answer)
Is there a way to fix this?
npm had some issues with publication of new packages this week and the week before too. See this. So I guess an npm cache clean -f would help. If not, you can do nothing more than wait.